SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, October 27th 2017

SANS ISC Handlers

Tech News, News

🗓️ 26 October 2017

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Kaspersky Publishes Investigation Results; Infineon Bug Test; Micropatch DDE; Finding Miners

Transcript

0:00.0

Hello, welcome to the Friday, October 27th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Berlin, Germany.

0:12.7

Kaspersky has, of course, been in the news recently, and I haven't really talked much about that story, because most of it really was more political than

0:21.6

technical. But Kaspersky now released a report of its internal investigation, which I think

0:28.4

makes some important points that you have to keep in mind with anti-malware products, and

0:34.6

that anti-malware products will occasionally send a file that they consider

0:39.7

suspicious back to the anti-malware company. At least this is what Kaspersky suggests

0:47.3

happened in this particular case back in 2014 with an employee for the NSA developing exploits on a home computer that ran Kaspersky's

1:01.0

anti-malware software. This is an issue pretty much with any anti-malware company that they

1:07.8

may use their software to collect samples. Also, of course, with any web-based services that you are using to submit samples to,

1:16.6

VirusTotal, for example, makes it very clear that any samples being submitted to it

1:22.6

will be shared with researchers and other anti-malware vendors. Many modern anti-malware systems also depend on

1:32.6

constant network connectivity, for example, hashes of files are being sent via DNS and the like

1:40.4

in order to get a more real-time detection of any suspicious files.

1:47.0

And another big story, of course, the last few days was the ROCA vulnerability.

1:53.0

ROCA refers to the vulnerable RSA keys generated by many Infineon chips. This affected a wide range of hardware components,

2:04.7

for example, smart cards, but also trusted platform modules or TPM chips. If your system is

2:13.7

using one of the affected chips, then you need to update its firmware in order to actually receive good keys.

2:23.3

Now, even after you do update the firmware, you still need to create new keys in order to make sure that your system is secure.

2:32.3

In particular, if you are using these keys, for example,

2:35.3

to protect hard drive encryption keys. To make it easier to figure out if your system is secure,

2:42.0

there is now a fairly simple test script that you can use in order to check the keys on your

2:48.7

system. This particular script will retrieve the public key from your TPM module and check if it is

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
